National Vulnerability Database (NVD) National Vulnerability Database (CVE-2008-3639)

National Cyber-Alert System

Vulnerability Summary for CVE-2008-3639

Original release date:10/14/2008

Last revised:06/19/2009

Source: US-CERT/NIST

Overview

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: FEDORA

Name: FEDORA-2008-8844

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html

External Source: FEDORA

Name: FEDORA-2008-8801

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html

External Source: XF

Name: cups-readrle16-bo(45789)

Hyperlink:http://xforce.iss.net/xforce/xfdb/45789

External Source: VUPEN

Name: ADV-2009-1568

Hyperlink:http://www.vupen.com/english/advisories/2009/1568

External Source: UBUNTU

Name: USN-656-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-656-1

External Source: SECTRACK

Name: 1021033

Hyperlink:http://www.securitytracker.com/id?1021033

External Source: BID

Name: 31690

Hyperlink:http://www.securityfocus.com/bid/31690

External Source: REDHAT

Name: RHSA-2008:0937

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0937.html

External Source: MANDRIVA

Name: MDVSA-2008:211

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:211

External Source: GENTOO

Name: GLSA-200812-11

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml

External Source: VUPEN

Name: ADV-2008-3401

Hyperlink:http://www.frsirt.com/english/advisories/2008/3401

External Source: VUPEN

Name: ADV-2008-2782

Type: Advisory

Hyperlink:http://www.frsirt.com/english/advisories/2008/2782

External Source: DEBIAN

Name: DSA-1656

Hyperlink:http://www.debian.org/security/2008/dsa-1656

External Source: CONFIRM

Name: http://www.cups.org/str.php?L2918

Type: Advisory

Hyperlink:http://www.cups.org/str.php?L2918

External Source: CONFIRM

Name: http://www.cups.org/articles.php?L575

Hyperlink:http://www.cups.org/articles.php?L575

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm

External Source: SUNALERT

Name: 261088

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1

External Source: SECUNIA

Name: 33111

Hyperlink:http://secunia.com/advisories/33111

External Source: SECUNIA

Name: 33085

Hyperlink:http://secunia.com/advisories/33085

External Source: SECUNIA

Name: 32316

Type: Advisory

Hyperlink:http://secunia.com/advisories/32316

External Source: SECUNIA

Name: 32292

Type: Advisory

Hyperlink:http://secunia.com/advisories/32292

External Source: SECUNIA

Name: 32284

Type: Advisory

Hyperlink:http://secunia.com/advisories/32284

External Source: SECUNIA

Name: 32226

Type: Advisory

Hyperlink:http://secunia.com/advisories/32226

External Source: SECUNIA

Name: 32084

Type: Advisory

Hyperlink:http://secunia.com/advisories/32084

External Source: SUSE

Name: SUSE-SR:2008:021

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html

External Source: IDEFENSE

Name: 20081009 Multiple Vendor CUPS SGI imagetops Heap Overflow Vulnerability

Hyperlink:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753

Vulnerable software and versions

Configuration 1

* cpe:/a:apple:cups:1.1

* cpe:/a:apple:cups:1.1.10-1

* cpe:/a:apple:cups:1.1.1

* cpe:/a:apple:cups:1.1.10

* cpe:/a:apple:cups:1.1.15

* cpe:/a:apple:cups:1.1.12

* cpe:/a:apple:cups:1.1.11

* cpe:/a:apple:cups:1.1.14

* cpe:/a:apple:cups:1.1.13

* cpe:/a:apple:cups:1.1.19:rc2

* cpe:/a:apple:cups:1.1.19:rc3

* cpe:/a:apple:cups:1.1.19

* cpe:/a:apple:cups:1.1.19:rc1

* cpe:/a:apple:cups:1.1.19:rc4

* cpe:/a:apple:cups:1.1.19:rc5

* cpe:/a:apple:cups:1.1.16

* cpe:/a:apple:cups:1.1.18

* cpe:/a:apple:cups:1.1.17

* cpe:/a:apple:cups:1.1.2

* cpe:/a:apple:cups:1.1.20

* cpe:/a:apple:cups:1.1.20:rc1

* cpe:/a:apple:cups:1.1.20:rc4

* cpe:/a:apple:cups:1.1.20:rc5

* cpe:/a:apple:cups:1.1.20:rc2

* cpe:/a:apple:cups:1.1.20:rc3

* cpe:/a:apple:cups:1.1.21:rc1

* cpe:/a:apple:cups:1.1.21

* cpe:/a:apple:cups:1.1.20:rc6

* cpe:/a:apple:cups:1.1.21:rc2

* cpe:/a:apple:cups:1.1.23:rc1

* cpe:/a:apple:cups:1.1.22

* cpe:/a:apple:cups:1.1.22:rc2

* cpe:/a:apple:cups:1.1.22:rc1

* cpe:/a:apple:cups:1.1.23

* cpe:/a:apple:cups:1.1.5-1

* cpe:/a:apple:cups:1.1.5-2

* cpe:/a:apple:cups:1.1.3

* cpe:/a:apple:cups:1.1.4

* cpe:/a:apple:cups:1.1.5

* cpe:/a:apple:cups:1.2.1

* cpe:/a:apple:cups:1.2.0

* cpe:/a:apple:cups:1.1.6

* cpe:/a:apple:cups:1.1.6-1

* cpe:/a:apple:cups:1.1.9

* cpe:/a:apple:cups:1.1.9-1

* cpe:/a:apple:cups:1.1.6-3

* cpe:/a:apple:cups:1.1.6-2

* cpe:/a:apple:cups:1.1.8

* cpe:/a:apple:cups:1.1.7

* cpe:/a:apple:cups:1.2.5

* cpe:/a:apple:cups:1.2.4

* cpe:/a:apple:cups:1.2.3

* cpe:/a:apple:cups:1.2.2

* cpe:/a:apple:cups:1.2.6

* cpe:/a:apple:cups:1.2.7

* cpe:/a:apple:cups:1.2.8

* cpe:/a:apple:cups:1.2.10

* cpe:/a:apple:cups:1.2.11

* cpe:/a:apple:cups:1.2.12

* cpe:/a:apple:cups:1.2:rc1

* cpe:/a:apple:cups:1.2:b2

* cpe:/a:apple:cups:1.2:b1

* cpe:/a:apple:cups:1.2:rc3

* cpe:/a:apple:cups:1.2:rc2

* cpe:/a:apple:cups:1.2.9

* cpe:/a:apple:cups:1.3.0

* cpe:/a:apple:cups:1.3.1

* cpe:/a:apple:cups:1.3.2

* cpe:/a:apple:cups:1.3.3

* cpe:/a:apple:cups:1.3.6

* cpe:/a:apple:cups:1.3:b1

* cpe:/a:apple:cups:1.3:rc1

* cpe:/a:apple:cups:1.3:rc2

* cpe:/a:apple:cups:1.3.4

* cpe:/a:apple:cups:1.3.5

* cpe:/a:apple:cups:1.3.7

* cpe:/a:apple:cups:1.3.8 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Buffer Errors (CWE-119)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639